WIP: just staging here to see diff

.gitignore

@@ -0,0 +1 @@
+__pycache__

Taskfile.yaml

@@ -0,0 +1,44 @@
+version: "3"
+
+vars:
+  PYTHON_DIRS: c4_protocol
+
+tasks:
+  clean:
+    desc: Remove Python cache files
+    cmds:
+      - find {{.PYTHON_DIRS}} -type d -name __pycache__ -exec rm -rf {} + 2>/dev/null || true
+      - find {{.PYTHON_DIRS}} -type f -name "*.pyc" -delete 2>/dev/null || true
+      - find . -maxdepth 1 -type d -name __pycache__ -exec rm -rf {} + 2>/dev/null || true
+
+  fmt:
+    desc: Format Python code with ruff
+    cmds:
+      - uv run ruff format {{.PYTHON_DIRS}}
+
+  fmt:check:
+    desc: Check Python formatting without modifying files
+    cmds:
+      - uv run ruff format --check {{.PYTHON_DIRS}}
+
+  lint:
+    desc: Run ruff linter and auto-fix
+    cmds:
+      - uv run ruff check --fix {{.PYTHON_DIRS}}
+
+  lint:check:
+    desc: Run ruff linter (check only)
+    cmds:
+      - uv run ruff check {{.PYTHON_DIRS}}
+
+  typecheck:
+    desc: Run pyright type checker
+    cmds:
+      - uv run pyright {{.PYTHON_DIRS}}
+
+  check:
+    desc: Run all checks (format, lint, typecheck)
+    cmds:
+      - task: fmt:check
+      - task: lint:check
+      - task: typecheck

c4_protocol/.gitignore

@@ -0,0 +1,5 @@
+__pycache__/
+*.pyc
+implants/
+logs/
+operator_*.xml

c4_protocol/C4 Protocol Security Review & Hardenin.md

@@ -0,0 +1,52 @@
+# C4 Protocol Security Review & Hardening Notes
+
+## Current Architecture Summary
+
+The protocol uses a math-free **Encrypted Map** architecture. Commands are disguised as polymorphic natural-language coding directives across 6 syntax families. On the target, a lightweight C# engine derives a 64-character salt from the operator's X25519 Public Key, unlocks an XOR-encrypted "Configuration Vault," and resolves codewords directly to tool calls. All exfiltration is encrypted via modern X25519 ECDH + AES-256-CBC.
+
+---
+
+## Vulnerability Assessment (Updated March 2026)
+
+### 1. FIXED: Salt derivation from X25519 Public Key
+**Status: COMPLETED.** The salt is derived at runtime using HMAC-SHA256 of the operator's 32-byte X25519 Public Key. This replaces the bulky RSA XML scheme with a modern, high-entropy binary source.
+
+### 2. FIXED: Encrypted Configuration Vault
+**Status: COMPLETED.** All vocabulary mappings (Tool, Param, and Value) have been moved out of plaintext. They are consolidated into a JSON blob, XOR-encrypted with the 64-character salt, and stored as a binary vault. No protocol-specific strings are visible to static analysis.
+
+### 3. MITIGATED: Long-Key XOR Encryption
+**Status: IMPROVED.** The XOR key (Salt) length has been increased to 64 characters (256 bits). While still a repeating XOR cipher, the 64-byte cycle significantly increases the difficulty of frequency analysis against the encrypted JSON vault.
+
+### 4. FIXED: Polymorphic Template Families
+**Status: COMPLETED.** The system supports 6 distinct template families (`CLASS_METHOD`, `CLASS_ATTR`, `DECORATOR`, `TYPE_HINT`, `CONFIG_DICT`, `INHERITANCE`), breaking static regex-based detection and increasing structural variance.
+
+### 5. FIXED: Many-to-One Value Mapping
+**Status: COMPLETED.** Sensitive values (e.g., `/etc/passwd`) are now mapped to multiple randomized cover values, breaking 1:1 correlation during statistical analysis.
+
+---
+
+## Remaining Potential Vulnerabilities
+
+### 6. MEDIUM: No temporal nondeterminism
+The distribution of codewords remains uniform over time.
+**Hardening ideas:**
+- **Zipfian sampling**: Weight codeword selection to follow a power-law distribution. 
+- **Time-dependent selection**: Use `HMAC(salt, timestamp_hour)` to rotate the active codeword subset.
+
+### 7. LOW: Single-parameter encoding per template sentence
+Multi-parameter tool calls produce multiple sentences.
+**Hardening:** Support multi-parameter templates that embed 2-3 params in a single class definition.
+
+---
+
+## Implemented Enhancements (March 2026)
+
+| Priority | Change | Impact |
+|----------|--------|--------|
+| 1 | **X25519 KDF** | Modern, high-entropy salt derivation. |
+| 2 | **XOR-Encrypted Vault** | Complete string hiding for all tool mappings. |
+| 3 | **64-Character Key** | Statistical protection for the encrypted vault. |
+| 4 | **6-Family Polymorphism** | Maximum structural variance in camouflage code. |
+| 5 | **X25519 ECDH Exfil** | Perfect Forward Secrecy for exfiltrated results. |
+| 6 | **Many-to-One Mapping** | Breaks 1:1 correlation of sensitive values. |
+| 7 | **Math-Free Design** | 100% reliability; script size reduced to 50KB. |